This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EML%3C/text%3E%3C/svg%3E)
I am having a problem with Domain users installing print driver. I have a GPO setup as show in this link Allow Non-administrators to Install Printer Drivers via GPO – TheITBros I have had this set up for years and just recently it stopped working. I have a new user that I can't even set up a network printer for because the system will not allow him to install the driver. I logged in as domain administrator and installed the printer. It didn't show up on his profile as expected so I tried to install it, now that the driver was on the computer, but is still wouldn't allow him to install it.
The new Windows default requires administrative access to install software downloaded from the print server when using the Windows Point and Print feature, you know this software as the print driver.
Microsoft does permit a new registry setting to allow a standard user to install the software.
A GPO which has worked for years will no longer work based on the new default in Windows.
If you would like to allow standard users the ability to download and install the software from the print server please review the Microsoft article to accomplish this. https://support.microsoft.com/en-gb/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872
Please read the article. The registry setting is a DWord RestrictDriverInstallationToAdministrators in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
When the key does not exist or the value for a manually added key is 1, this prevents the software installation by a standard user.
If you have preinstalled the driver on the client and ALL the files exactly match the file set which is installed on the server, then the driver will be copied from the server and the spooler will compare the files and should throw away the software downloaded from the server.
There is a log file to determine why this may fail. C:\Windows\INF\setupapi.dev.log.
Look for !!! in the log and this should identify which file(s) is causing the mismatch.
Adding a printer is per user. A connection to a shared printer added for user1 will NEVER be seen by user2. User2 will need to add the connection in their security context.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 0%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Answer is helpful, but wow is this security overkill. Stuff that took 5 minutes or zero time to set up will now require a service ticket and hours. HOW DOES THIS HELP US DO OUR WORK?????
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 82%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOL%3C/text%3E%3C/svg%3E)
Hi, I have the same problem. Did you manage to solve it?
Thank you
I haven't figured this out yet.